NSRP fail over failed with Interface monitoring enabled due to weight settings on NSRP Interface Monitoring

Article ID: KB17432 | KB Last Updated: 03 Jun 2010 | Version: 2.0
Summary:

NSRP failover did not occur even though interface monitoring was enabled. Why?

Symptoms:

NSRP failover did not occur even though interface monitoring was enabled. Why did this happen, and how can the issue be resolved?

Solution:

NSRP failover failed with interface monitoring enabled because the weight was not set correctly. The following steps show how to troubleshoot the issue and how to resolve it:

  • If you are monitoring at the device level, run the command get nsrp monitor. If you are monitoring at the VSD level, run the command get nsrp vsd-group id <id> monitor. Below is a sample output:

    nsisg2000(M)-> get nsrp monitor
    device based nsrp monitoring threshold: 255, weighted sum: 155, not failed
    device based nsrp monitor interface: ethernet1/1(weight 155, DOWN) ethernet1/2(weight 155, UP)
    device based nsrp monitor zone:
    device based nsrp monitor security module:
    device based nsrp track ip: (weight: 255, disabled)

    In this case, the ethernet1/1 interface is down, but the device is still master. For a failover to happen, the combined weight of the failed monitored objects must reach 255. If the weight of 255 is not met, a failover will not occur.

  • Configuration related to NSRP for this test:

    nsisg2000(M)-> get config | i nsrp
    set nsrp cluster id 1
    set nsrp vsd-group id 0 priority 100
    set nsrp monitor interface ethernet1/1 weight 155
    set nsrp monitor interface ethernet1/2 weight 155

  • For a failover to happen in this situation, both interfaces have to fail to reach a combined weight of 255 or higher:

    nsisg2000(I)-> get nsrp monitor
    device based nsrp monitoring threshold: 255, weighted sum: 310, failed
    device based nsrp monitor interface: ethernet1/1(weight 155, DOWN) ethernet1/2(weight 155, DOWN)
    device based nsrp monitor zone:
    device based nsrp monitor security module:
    device based nsrp track ip: (weight: 255, disabled)

    As you can see, now that both interfaces are down, the combined failed weight is 310, which has triggered the device to fail over.

  • The solution is to set the weight to 255 per interface (which is the default setting). Then, if one interface fails, a failover is triggered. For example, both of the following configurations are equivalent:

    nsisg2000(M)-> get config | i nsrp
    set nsrp cluster id 1
    set nsrp vsd-group id 0 priority 100
    set nsrp monitor interface ethernet1/1
    set nsrp monitor interface ethernet1/2

    OR

    nsisg2000(M)-> get config | i nsrp
    set nsrp cluster id 1
    set nsrp vsd-group id 0 priority 100
    set nsrp monitor interface ethernet1/1 weight 255
    set nsrp monitor interface ethernet1/2 weight 255
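
The weight arithmetic described above can be checked offline against a saved configuration. The following Python sketch is an added example, not Juniper code: it parses the `set nsrp monitor interface` lines shown in this article and lists interfaces whose failure alone would not trigger a failover. It assumes the threshold of 255 from the sample output and the default weight of 255 stated above; the function names are hypothetical.

```python
import re

# Weight used when "weight" is omitted (the article states 255 is the default).
DEFAULT_WEIGHT = 255
# Threshold taken from the sample "get nsrp monitor" output in the article.
THRESHOLD = 255

_MONITOR_RE = re.compile(
    r"^\s*set nsrp monitor interface (\S+)(?:\s+weight\s+(\d+))?\s*$"
)

def monitored_weights(config_text):
    """Return {interface: weight} from 'set nsrp monitor interface' lines."""
    weights = {}
    for line in config_text.splitlines():
        m = _MONITOR_RE.match(line)
        if m:
            weights[m.group(1)] = int(m.group(2)) if m.group(2) else DEFAULT_WEIGHT
    return weights

def failover_triggered(weights, down, threshold=THRESHOLD):
    """True when the summed weight of the failed interfaces reaches the threshold."""
    return sum(weights[i] for i in down) >= threshold

def silent_single_failures(weights, threshold=THRESHOLD):
    """Interfaces whose failure alone does not reach the threshold."""
    return sorted(i for i, w in weights.items() if w < threshold)

# Constructed sample inputs, copied from the two configurations in the article.
WEAK_CONFIG = """\
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
set nsrp monitor interface ethernet1/1 weight 155
set nsrp monitor interface ethernet1/2 weight 155
"""
FIXED_CONFIG = """\
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
set nsrp monitor interface ethernet1/1
set nsrp monitor interface ethernet1/2
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        w = monitored_weights(cfg)
        print(name, w, "no failover on single failure of:", silent_single_failures(w))
```
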


For additional troubleshooting and explanations, refer to KB11192 - In NSRP Active/Passive environment, how do I perform a device fail over of monitored objects (Interface, Track-IP, and Zone)?.